diff --git a/.sops.yaml b/.sops.yaml index f828b47..1379cf1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,6 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg @@ -21,7 +20,6 @@ creation_rules: - *swarsel age: - *winters - - *hintbooth - *bakery - *toto - *surface @@ -34,7 +32,6 @@ creation_rules: - *swarsel age: - *winters - - *hintbooth - *bakery - *toto - *surface @@ -47,7 +44,6 @@ creation_rules: - *swarsel age: - *nbl - - *hintbooth - *bakery - *toto - *surface @@ -135,8 +131,6 @@ creation_rules: key_groups: - pgp: - *swarsel - age: - - *hintbooth - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: diff --git a/SwarselSystems.org b/SwarselSystems.org index 40b6879..a572bdd 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -866,7 +866,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { self, inputs, ... }: + { inputs, ... }: { flake = { config, lib, ... }: { @@ -875,8 +875,7 @@ Lastly, in order make this actually available to my configurations, i use the =i globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck - # inherit (self.outputs) lib; + inherit lib; inherit inputs; inherit (config) nodes; }; @@ -922,7 +921,6 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services - networks hosts user root @@ -2602,7 +2600,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix - { lib, minimal, ... }: + { lib, config, minimal, ... }: { imports = [ @@ -2620,12 +2618,20 @@ This is my main server that I run at home. It handles most tasks that require bi # mac = config.repo.secrets.local.home-mac; # }; + networking = { + inherit (config.repo.secrets.local) hostId; + hostName = "winters"; + firewall.enable = true; + enableIPv6 = false; + firewall.allowedTCPPorts = [ 80 443 ]; + }; + swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = false; - isCrypted = false; + isSecureBoot = true; + isCrypted = true; isBtrfs = false; isLinux = true; isNixos = true; @@ -2646,7 +2652,6 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules.server = { - diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; @@ -2738,7 +2743,7 @@ This is my main server that I run at home. It handles most tasks that require bi ***** Main Configuration #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { inputs, lib, config, minimal, nodes, globals, ... }: + { inputs, lib, config, configName, minimal, nodes, globals, ... }: { imports = [ @@ -2751,6 +2756,13 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; + networking = { + inherit (config.repo.secrets.local) hostId; + hostName = configName; + firewall.enable = true; + enableIPv6 = true; + }; + swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -2774,7 +2786,6 @@ This is my main server that I run at home. It handles most tasks that require bi microvmHost = true; }; server = { - diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; @@ -3048,7 +3059,6 @@ This is my main server that I run at home. It handles most tasks that require bi isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; - networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -3058,12 +3068,6 @@ This is my main server that I run at home. It handles most tasks that require bi router = false; }; - swarselmodules = { - server = { - nginx = lib.mkForce false; # we get this from the server profile - }; - }; - } #+end_src @@ -3723,10 +3727,7 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; + server.network = lib.mkForce false; }; swarselsystems = { @@ -3997,7 +3998,7 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -4035,7 +4036,7 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; @@ -4081,66 +4082,59 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "hotel"; - firewall.enable = true; - }; + networking = { + hostName = "hotel"; + firewall.enable = true; + }; - swarselmodules = { - server = { - network = lib.mkForce false; - diskEncryption = lib.mkForce false; - }; - }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; - - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - hotel = true; - minimal = true; - }; - } + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + hotel = true; + minimal = true; + }; + } #+end_src @@ -4441,10 +4435,10 @@ in }; subnetMask4 = mkOption { - type = types.nullOr types.net.ipv4; + type = types.nullOr types.net.cidrv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; }; cidrv6 = mkOption { @@ -4879,7 +4873,6 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; - overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -6935,7 +6928,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } @@ -7057,60 +7049,9 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; - serviceUser = "nginx"; - serviceGroup = serviceUser; - - sslBasePath = "/etc/ssl"; - dhParamsPathBase = "${sslBasePath}/dhparams.pem"; - dhParamsPath = - if config.swarselsystems.isImpermanence then - "/persist/${dhParamsPathBase}" - else - "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - options.services.nginx = { - recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; - virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options.locations = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule (submod: { - options = { - recommendedSecurityHeaders = lib.mkOption { - type = lib.types.bool; - default = config.services.nginx.recommendedSecurityHeaders; - description = "Whether to add additional security headers to this location."; - }; - - X-Frame-Options = lib.mkOption { - type = lib.types.str; - default = "DENY"; - description = "The value to use for X-Frame-Options"; - }; - }; - config = lib.mkIf submod.config.recommendedSecurityHeaders { - extraConfig = lib.mkBefore '' - # Enable HTTP Strict Transport Security (HSTS) - add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; - - # Minimize information leaked to other domains - add_header Referrer-Policy "origin-when-cross-origin"; - - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "${submod.config.X-Frame-Options}"; - add_header X-Content-Type-Options "nosniff"; - ''; - }; - }) - ); - }; - } - ); - }; - }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -7123,68 +7064,24 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; - users.groups.acme.members = [ "nginx" ]; - security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; - reloadServices = [ "nginx" ]; - dnsPropagationCheck = true; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ dhParamsPathBase ]; - }; - services.nginx = { enable = true; - user = serviceUser; - group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedSecurityHeaders = true; - sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; - sslDhparam = dhParamsPathBase; - virtualHosts.fallback = { - default = true; - rejectSSL = true; - locations."/".extraConfig = '' - deny all; - ''; - }; + # virtualHosts are defined in the respective sections }; - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateDHParams" "users" "groups" ]; - }; - system.activationScripts."generateDHParams" = - { - text = '' - set -eu - - ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - - if [ ! -f "${dhParamsPathBase}" ]; then - ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 - chmod 0644 ${dhParamsPath} - chown ${serviceUser}:${serviceGroup} ${dhParamsPath} - fi - ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; - }; }; } #+end_src @@ -7252,7 +7149,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault false; + nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; @@ -7277,10 +7174,10 @@ lspci -nn | grep -i 'network\|ethernet' #+RESULTS: : 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] -From the last bracket you then find out the correct kernel module: +From the last bracket, then take the first value to find out the correct kernel module: #+begin_src shell :exports both -lspci -k -d 14c3:0616 +lspci -k -d 14c3: #+end_src #+RESULTS: @@ -7290,86 +7187,40 @@ lspci -k -d 14c3:0616 | | Kernel | modules: | mt7921e | | | | | | | | | #+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, pkgs, lib, config, globals, minimal, ... }: - let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + { self, lib, config, globals, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - options.swarselsystems.networkKernelModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; + boot.initrd = { + availableKernelModules = [ "r8169" ]; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 22; + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + }; + postCommands = '' + echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + ''; + }; + }; - system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { - text = '' - [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} - ''; - deps = [ "users" ]; - }; - - environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { - files = [ hostKeyPath ]; - }; - - boot = lib.mkIf (config.swarselprofiles.server || minimal) { - kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ - "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" - ]; - initrd = { - availableKernelModules = config.swarselsystems.networkKernelModules; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 2222; # avoid hostkey changed nag - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ hostKeyPath ]; - }; - # postCommands = '' - # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - # ''; - }; - systemd = { - initrdBin = with pkgs; [ - cryptsetup - ]; - services = { - unlock-luks = { - description = "Unlock LUKS encrypted root device"; - wantedBy = [ "initrd.target" ]; - after = [ "network-online.target" ]; - before = [ "sysroot.mount" ]; - path = [ "/bin" ]; - - # Configure how the service behaves - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - # The actual commands to unlock the drive - script = '' - echo "systemctl default >> /root/.profile" - ''; - }; - }; - }; - }; - }; - }; - - } + }; + } #+end_src **** Router @@ -8304,8 +8155,6 @@ lspci -k -d 14c3:0616 serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - - nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8326,7 +8175,7 @@ lspci -k -d 14c3:0616 trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs."nextcloud${nextcloudVersion}"; + package = pkgs.nextcloud31; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -8334,7 +8183,7 @@ lspci -k -d 14c3:0616 configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { @@ -9750,18 +9599,8 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -133,7 +133,7 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2778a54..2b57e93 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -4,25 +4,11 @@ config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = - let - bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); - in - bindWithModifier { - "page_up" = "scroll_page_up"; - "up" = "scroll_page_up"; - "page_down" = "scroll_page_down"; - "down" = "scroll_page_down"; - "w" = "no_op"; - }; + keybindings = { }; settings = { - cursor_blink_interval = 0; - disable_ligatures = "cursor"; + scrollback_lines = 10000; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; - open_url_with = "xdg-open"; - scrollback_lines = 100000; - scrollback_pager_history_size = 512; }; }; }; diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index 562f68a..c5fac9b 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig ? config, ... }: +{ lib, config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -22,7 +22,43 @@ controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - } // nixosConfig.repo.secrets.common.ssh.hosts; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "bakery" = { + hostname = "192.168.1.136"; + user = "root"; + }; + "dgx" = { + hostname = "192.168.48.200"; + user = "swarsel"; + }; + "winters" = { + hostname = "192.168.178.24"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "milkywell" = { + hostname = "193.122.53.173"; + user = "root"; + }; + "moonside" = { + hostname = "130.61.238.239"; + user = "root"; + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + }; }; }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 12ebb83..7f24286 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -125,83 +125,83 @@ in in lib.recursiveUpdate { - "${modifier}+0" = "workspace 10:十"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Down" = "focus down"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Left" = "focus left"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Right" = "focus right"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + # "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Up" = "focus up"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+f" = "exec firefox"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+x" = "exec swarselcheck -k"; - # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix deleted file mode 100644 index 8ff17b9..0000000 --- a/modules/home/common/zellij-keybinds.nix +++ /dev/null @@ -1,1233 +0,0 @@ -{ lib, config, ... }: -{ - config = lib.mkIf config.swarselmodules.zellij { - programs.zellij = { - settings.keybinds = { - _props.clear-defaults = true; - - locked = { - _children = [ - { - bind = { - _args = [ "Ctrl g" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - pane = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "c" ]; - _children = [ - { SwitchToMode._args = [ "renamepane" ]; } - { PaneNameInput._args = [ 0 ]; } - ]; - }; - } - { - bind = { - _args = [ "d" ]; - _children = [ - { NewPane._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "e" ]; - _children = [ - { TogglePaneEmbedOrFloating = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "f" ]; - _children = [ - { ToggleFocusFullscreen = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { NewPane = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ SwitchFocus = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "r" ]; - _children = [ - { NewPane._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "w" ]; - _children = [ - { ToggleFloatingPanes = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "z" ]; - _children = [ - { TogglePaneFrames = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - tab = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "1" ]; - _children = [ - { GoToTab._args = [ 1 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "2" ]; - _children = [ - { GoToTab._args = [ 2 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "3" ]; - _children = [ - { GoToTab._args = [ 3 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "4" ]; - _children = [ - { GoToTab._args = [ 4 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "5" ]; - _children = [ - { GoToTab._args = [ 5 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "6" ]; - _children = [ - { GoToTab._args = [ 6 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "7" ]; - _children = [ - { GoToTab._args = [ 7 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "8" ]; - _children = [ - { GoToTab._args = [ 8 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "9" ]; - _children = [ - { GoToTab._args = [ 9 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "[" ]; - _children = [ - { BreakPaneLeft = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "]" ]; - _children = [ - { BreakPaneRight = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "b" ]; - _children = [ - { BreakPane = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ GoToPreviousTab = { }; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ GoToNextTab = { }; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { NewTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "r" ]; - _children = [ - { SwitchToMode._args = [ "renametab" ]; } - { TabNameInput._args = [ 0 ]; } - ]; - }; - } - { - bind = { - _args = [ "s" ]; - _children = [ - { ToggleActiveSyncTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "x" ]; - _children = [ - { CloseTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "tab" ]; - _children = [{ ToggleTab = { }; }]; - }; - } - ]; - }; - - resize = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [{ Resize._args = [ "Increase left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ Resize._args = [ "Increase down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ Resize._args = [ "Increase up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ Resize._args = [ "Increase right" ]; }]; - }; - } - { - bind = { - _args = [ "+" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "-" ]; - _children = [{ Resize._args = [ "Decrease" ]; }]; - }; - } - { - bind = { - _args = [ "=" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "H" ]; - _children = [{ Resize._args = [ "Decrease left" ]; }]; - }; - } - { - bind = { - _args = [ "J" ]; - _children = [{ Resize._args = [ "Decrease down" ]; }]; - }; - } - { - bind = { - _args = [ "K" ]; - _children = [{ Resize._args = [ "Decrease up" ]; }]; - }; - } - { - bind = { - _args = [ "L" ]; - _children = [{ Resize._args = [ "Decrease right" ]; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ Resize._args = [ "Increase left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ Resize._args = [ "Increase down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ Resize._args = [ "Increase up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ Resize._args = [ "Increase right" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - move = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [{ MovePane._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ MovePane._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ MovePane._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ MovePane._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ MovePane._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MovePane._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MovePane._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MovePane._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [{ MovePane = { }; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ MovePaneBackwards = { }; }]; - }; - } - { - bind = { - _args = [ "tab" ]; - _children = [{ MovePane = { }; }]; - }; - } - ]; - }; - - scroll = { - _children = [ - { - bind = { - _args = [ "e" ]; - _children = [ - { EditScrollback = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "s" ]; - _children = [ - { SwitchToMode._args = [ "entersearch" ]; } - { SearchInput._args = [ 0 ]; } - ]; - }; - } - ]; - }; - - search = { - _children = [ - { - bind = { - _args = [ "c" ]; - _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [{ Search._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "o" ]; - _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ Search._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "w" ]; - _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; - }; - } - ]; - }; - - session = { - _children = [ - { - bind = { - _args = [ "c" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "configuration" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "plugin-manager" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "w" ]; - _children = [ - { - LaunchOrFocusPlugin._args = [ "session-manager" ]; - LaunchOrFocusPlugin._children = [ - { floating._args = [ true ]; } - { move_to_focused_tab._args = [ true ]; } - ]; - } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - "shared_except \"locked\"" = { - _children = [ - { - bind = { - _args = [ "Alt left" ]; - _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt down" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "Alt up" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "Alt right" ]; - _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Alt +" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "Alt -" ]; - _children = [{ Resize._args = [ "Decrease" ]; }]; - }; - } - { - bind = { - _args = [ "Alt =" ]; - _children = [{ Resize._args = [ "Increase" ]; }]; - }; - } - { - bind = { - _args = [ "Alt [" ]; - _children = [{ PreviousSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "Alt ]" ]; - _children = [{ NextSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "Alt f" ]; - _children = [{ ToggleFloatingPanes = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl g" ]; - _children = [{ SwitchToMode._args = [ "locked" ]; }]; - }; - } - { - bind = { - _args = [ "Alt h" ]; - _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt i" ]; - _children = [{ MoveTab._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "Alt j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "Alt k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "Alt l" ]; - _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Alt n" ]; - _children = [{ NewPane = { }; }]; - }; - } - { - bind = { - _args = [ "Alt o" ]; - _children = [{ MoveTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl q" ]; - _children = [{ Quit = { }; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"move\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "move" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"session\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "session" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl b" ]; - _children = [{ SwitchToMode._args = [ "tmux" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"scroll\" \"search\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl s" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"tab\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "tab" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"pane\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "pane" ]; }]; - }; - } - ]; - }; - - "shared_except \"locked\" \"resize\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "resize" ]; }]; - }; - } - ]; - }; - - "shared_except \"normal\" \"locked\" \"entersearch\"" = { - _children = [ - { - bind = { - _args = [ "enter" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - "shared_among \"pane\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "x" ]; - _children = [ - { CloseFocus = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"scroll\" \"search\"" = { - _children = [ - { - bind = { - _args = [ "PageDown" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "PageUp" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "left" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [{ ScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [{ ScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl b" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl c" ]; - _children = [ - { ScrollToBottom = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "d" ]; - _children = [{ HalfPageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl f" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [{ PageScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ ScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ ScrollUp = { }; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ PageScrollDown = { }; }]; - }; - } - { - bind = { - _args = [ "Ctrl s" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "u" ]; - _children = [{ HalfPageScrollUp = { }; }]; - }; - } - ]; - }; - - entersearch = { - _children = [ - { - bind = { - _args = [ "Ctrl c" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "esc" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "enter" ]; - _children = [{ SwitchToMode._args = [ "search" ]; }]; - }; - } - ]; - }; - - renametab = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [ - { UndoRenameTab = { }; } - { SwitchToMode._args = [ "tab" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"renametab\" \"renamepane\"" = { - _children = [ - { - bind = { - _args = [ "Ctrl c" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - ]; - }; - - renamepane = { - _children = [ - { - bind = { - _args = [ "esc" ]; - _children = [ - { UndoRenamePane = { }; } - { SwitchToMode._args = [ "pane" ]; } - ]; - }; - } - ]; - }; - - "shared_among \"session\" \"tmux\"" = { - _children = [ - { - bind = { - _args = [ "d" ]; - _children = [{ Detach = { }; }]; - }; - } - ]; - }; - - tmux = { - _children = [ - { - bind = { - _args = [ "left" ]; - _children = [ - { MoveFocus._args = [ "left" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "down" ]; - _children = [ - { MoveFocus._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "up" ]; - _children = [ - { MoveFocus._args = [ "up" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "right" ]; - _children = [ - { MoveFocus._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "space" ]; - _children = [{ NextSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "\"" ]; - _children = [ - { NewPane._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "%" ]; - _children = [ - { NewPane._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "," ]; - _children = [{ SwitchToMode._args = [ "renametab" ]; }]; - }; - } - { - bind = { - _args = [ "[" ]; - _children = [{ SwitchToMode._args = [ "scroll" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl b" ]; - _children = [ - { Write._args = [ 2 ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "c" ]; - _children = [ - { NewTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "h" ]; - _children = [ - { MoveFocus._args = [ "left" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [ - { MoveFocus._args = [ "down" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [ - { MoveFocus._args = [ "up" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [ - { MoveFocus._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "n" ]; - _children = [ - { GoToNextTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "o" ]; - _children = [{ FocusNextPane = { }; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [ - { GoToPreviousTab = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "z" ]; - _children = [ - { ToggleFocusFullscreen = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - ]; - }; - }; - }; - }; - -} diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 47492ff..92d4507 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -5,55 +5,6 @@ programs.zellij = { enable = true; enableZshIntegration = true; - settings = { - pane_frames = false; - simplified_ui = false; - default_shell = "zsh"; - copy_on_select = true; - on_force_close = "detach"; - show_startup_tips = false; - support_kitty_keyboard_protocol = true; - default_layout = "swarsel"; - layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; - theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; - scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; - session_serialization = true; - - copy_command = - if pkgs.stdenv.hostPlatform.isLinux then - "wl-copy" - else if pkgs.stdenv.hostPlatform.isDarwin then - "pbcopy" - else - ""; - ui.pane_frames = { - rounded_corners = true; - hide_session_name = true; - }; - plugins = { - tab-bar.path = "tab-bar"; - status-bar.path = "status-bar"; - strider.path = "strider"; - compact-bar.path = "compact-bar"; - }; - # configuration = { - # _props.location = "zellij:configuration"; - # }; - # filepicker = { - # _props.location = "zellij:strider"; - # cwd = "/"; - # }; - # plugin-manager = { - # _props.location = "zellij:plugin-manager"; - # }; - # session-manager = { - # _props.location = "zellij:session-manager"; - # }; - # welcome-screen = { - # _props.location = "zellij:session-manager"; - # welcome_screen = true; - # }; - }; }; home.packages = with pkgs; [ @@ -61,8 +12,8 @@ ]; xdg.configFile = { - # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; + "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; }; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index 7813983..b941eb1 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -23,7 +23,6 @@ in hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index ad74838..3e8c36e 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -105,23 +105,6 @@ in # }; # }; - wayland.windowManager.sway = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; - in - { - config = { - keybindings = - let - inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; - "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; - }; - }; - }; - stylix = { targets.firefox.profileNames = let diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index c33aa95..8d226d4 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -13,10 +13,10 @@ let }; subnetMask4 = mkOption { - type = types.nullOr types.net.ipv4; + type = types.nullOr types.net.cidrv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; }; cidrv6 = mkOption { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 3b2d332..0941d5c 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -7,7 +7,6 @@ useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; - overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix index 8c569c0..dddc1a4 100644 --- a/modules/nixos/server/disk-encrypt.nix +++ b/modules/nixos/server/disk-encrypt.nix @@ -1,80 +1,34 @@ -{ self, pkgs, lib, config, globals, minimal, ... }: +{ self, lib, config, globals, ... }: let localIp = globals.networks.home.hosts.${config.node.name}.ipv4; subnetMask = globals.networks.home.subnetMask4; gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - - hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; in { options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - options.swarselsystems.networkKernelModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { - text = '' - [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} - ''; - deps = [ "users" ]; - }; - - environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { - files = [ hostKeyPath ]; - }; - - boot = lib.mkIf (config.swarselprofiles.server || minimal) { - kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ - "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" - ]; - initrd = { - availableKernelModules = config.swarselsystems.networkKernelModules; - network = { + boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; + boot.initrd = { + availableKernelModules = [ "r8169" ]; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 2222; # avoid hostkey changed nag - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ hostKeyPath ]; - }; - # postCommands = '' - # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - # ''; - }; - systemd = { - initrdBin = with pkgs; [ - cryptsetup + port = 22; + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) ]; - services = { - unlock-luks = { - description = "Unlock LUKS encrypted root device"; - wantedBy = [ "initrd.target" ]; - after = [ "network-online.target" ]; - before = [ "sysroot.mount" ]; - path = [ "/bin" ]; - - # Configure how the service behaves - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - # The actual commands to unlock the drive - script = '' - echo "systemctl default >> /root/.profile" - ''; - }; - }; + hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; }; + postCommands = '' + echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + ''; }; }; - }; + }; } diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 16ea0bd..e7ab275 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -20,18 +20,8 @@ let certBase = "/etc/ssl"; certsDir = "${certBase}/certs"; privateDir = "${certBase}/private"; - certPathBase = "${certsDir}/${serviceName}.crt"; - certPath = - if config.swarselsystems.isImpermanence then - "/persist${certPathBase}" - else - "${certPathBase}"; - keyPathBase = "${privateDir}/${serviceName}.key"; - keyPath = - if config.swarselsystems.isImpermanence then - "/persist${keyPathBase}" - else - "${keyPathBase}"; + certPath = "${certsDir}/${serviceName}.crt"; + keyPath = "${privateDir}/${serviceName}.key"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -64,16 +54,6 @@ in globals.services.${serviceName}.domain = serviceDomain; - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ - certPathBase - keyPathBase - ]; - }; - - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; - }; system.activationScripts."generateSSLCert-${serviceName}" = let daysValid = 3650; @@ -84,15 +64,13 @@ in set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} need_gen=0 - if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then + if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then need_gen=1 else - enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" + enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)" end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" now_epoch="$(${pkgs.coreutils}/bin/date +%s)" seconds_left=$(( end_epoch - now_epoch )) @@ -114,10 +92,7 @@ in chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; + deps = [ "etc" ]; }; services = { @@ -128,9 +103,9 @@ in domain = serviceDomain; origin = "https://${serviceDomain}"; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; + tls_chain = certPath; # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; + tls_key = keyPath; bindaddress = "0.0.0.0:${toString servicePort}"; trust_x_forward_for = true; }; diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix index 661e76b..90b8c0e 100644 --- a/modules/nixos/server/network.nix +++ b/modules/nixos/server/network.nix @@ -15,7 +15,7 @@ networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault false; + nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index c2d5af0..50e8b9f 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -9,8 +9,6 @@ let serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; - - nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -31,7 +29,7 @@ in trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs."nextcloud${nextcloudVersion}"; + package = pkgs.nextcloud31; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -39,7 +37,7 @@ in configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index cfe9330..bccbcc0 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -3,60 +3,9 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; - serviceUser = "nginx"; - serviceGroup = serviceUser; - - sslBasePath = "/etc/ssl"; - dhParamsPathBase = "${sslBasePath}/dhparams.pem"; - dhParamsPath = - if config.swarselsystems.isImpermanence then - "/persist/${dhParamsPathBase}" - else - "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - options.services.nginx = { - recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; - virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options.locations = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule (submod: { - options = { - recommendedSecurityHeaders = lib.mkOption { - type = lib.types.bool; - default = config.services.nginx.recommendedSecurityHeaders; - description = "Whether to add additional security headers to this location."; - }; - - X-Frame-Options = lib.mkOption { - type = lib.types.str; - default = "DENY"; - description = "The value to use for X-Frame-Options"; - }; - }; - config = lib.mkIf submod.config.recommendedSecurityHeaders { - extraConfig = lib.mkBefore '' - # Enable HTTP Strict Transport Security (HSTS) - add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; - - # Minimize information leaked to other domains - add_header Referrer-Policy "origin-when-cross-origin"; - - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "${submod.config.X-Frame-Options}"; - add_header X-Content-Type-Options "nosniff"; - ''; - }; - }) - ); - }; - } - ); - }; - }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego @@ -69,67 +18,23 @@ in ''; }; - users.groups.acme.members = [ "nginx" ]; - security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; - reloadServices = [ "nginx" ]; - dnsPropagationCheck = true; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ dhParamsPathBase ]; - }; - services.nginx = { enable = true; - user = serviceUser; - group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedSecurityHeaders = true; - sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; - sslDhparam = dhParamsPathBase; - virtualHosts.fallback = { - default = true; - rejectSSL = true; - locations."/".extraConfig = '' - deny all; - ''; - }; + # virtualHosts are defined in the respective sections }; - system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - deps = [ "generateDHParams" "users" "groups" ]; - }; - system.activationScripts."generateDHParams" = - { - text = '' - set -eu - - ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} - ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} - - if [ ! -f "${dhParamsPathBase}" ]; then - ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 - chmod 0644 ${dhParamsPath} - chown ${serviceUser}:${serviceGroup} ${dhParamsPath} - fi - ''; - deps = [ - "etc" - (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - ]; - }; }; } diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 37354db..00ee47e 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -16,7 +16,6 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } diff --git a/nix/globals.nix b/nix/globals.nix index 912f24c..1b534d3 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -1,5 +1,5 @@ # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix -{ self, inputs, ... }: +{ inputs, ... }: { flake = { config, lib, ... }: { @@ -8,8 +8,7 @@ globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck - # inherit (self.outputs) lib; + inherit lib; inherit inputs; inherit (config) nodes; }; @@ -55,7 +54,6 @@ inherit (globalsSystem.config.globals) domains services - networks hosts user root diff --git a/pkgs/quickpass/default.nix b/pkgs/quickpass/default.nix deleted file mode 100644 index c13b8c0..0000000 --- a/pkgs/quickpass/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ self, name, writeShellApplication, libnotify, pass, wtype }: -writeShellApplication { - inherit name; - runtimeInputs = [ libnotify pass wtype ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; -} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 31bb1af..928e012 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -4,7 +4,6 @@ config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; - lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml index 6f70d30..3f54024 100644 --- a/secrets/certs/secrets.yaml +++ b/secrets/certs/secrets.yaml @@ -7,98 +7,89 @@ sops: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH - TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm - NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw - anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI - Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr - WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3 - NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv - S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX - SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 + cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H + RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz + cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 + oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR - VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE - WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1 - dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/ - gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh + bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu + S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH + M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl + puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU - RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ - TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU - MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F - UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV + cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP + L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 + dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 + s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu - cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj - VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ - UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P - wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 + Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 + SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs + NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY + Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== -----END AGE ENCRYPTED FILE----- - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy - VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq - L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4 - aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5 - a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 + a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi + SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh + Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP + vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy - cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx - T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91 - bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 - OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH + ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx + SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 + bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi + RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-05T11:01:02Z" mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] pgp: - - created_at: "2025-11-11T17:51:25Z" + - created_at: "2025-07-10T23:51:25Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1 - 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu - AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn - dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD - 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p - 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763 - wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5 - zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH - HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr - hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0 - NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF - AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU - zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6 - H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm - +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT - iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD - Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm - kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq - eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r - tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ - RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5 - FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc - AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0 - YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc= - =R1dw + hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf + skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC + Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H + 6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX + Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK + XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI + ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu + wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK + jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG + 5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt + GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF + AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA + 4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T + ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ + panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ + 7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 + mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ + 3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 + Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 + RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE + yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs + YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc + Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 + Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= + =Enyz -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index 52b8c15..f11e9d5 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -34,107 +34,98 @@ sops: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz - THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4 - ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F - T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh - EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ - YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO - UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z - Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF - MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 + TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j + d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx + cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl + H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl - ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz - aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr - QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9 - c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 + YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo + eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa + b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC + voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5 - cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n - ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo - cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH - rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 + ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm + WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV + czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl + hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s - YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ - d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D - RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP - OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y + RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 + YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ + cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR + 14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== -----END AGE ENCRYPTED FILE----- - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r - cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr - RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK - RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0 - MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL + N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR + VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF + cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn + l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== -----END AGE ENCRYPTED FILE----- - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj - bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX - T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj - ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn - /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX + Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq + UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK + amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 + v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr - RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0 - ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz - Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ - X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV + amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI + dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 + SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP + wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-03T15:12:52Z" mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] pgp: - - created_at: "2025-11-11T17:51:26Z" + - created_at: "2025-07-10T23:51:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw - OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9 - brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf - G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ - KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8 - nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu - cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D - 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi - 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio - 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j - GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF - AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD - PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+ - ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi - R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J - I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy - EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/ - 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN - fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL - yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k - PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl - XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B - u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH - +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z - =s+4A + hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz + rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm + 3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV + pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO + ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 + rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f + IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 + cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT + QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ + ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd + 0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF + AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl + IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 + 4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx + 6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P + QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs + m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP + X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc + emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe + ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p + yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT + xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je + AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA + IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== + =jNoq -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 48ee1ff..85d15f6 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTOMvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9QFE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]", + "data": "ENC[AES256_GCM,data:FMhv0WezQAH1OX7F2WlgdAEn54aAZtCXyFNP+8CboukwlL1+VzzcsjQK7/KJqXiHfIFHfn7N0P/y8tk2P+A2Ucbl1NYxj5IgfL7ohAACDhAVkofCM5CD4KcE1DoL4Ja56K6qkjlAi/t7NRv6tUYIr+NZqr2g70F0RQbgF1dkdpxW1JUNmreF5CnXDYtqz6+iMpekNXkj+wt/Zc9lQ/zW1fP4IH0C64SG+lFucpseOwP3YhvjFpzyT/11+uiStc6l2r+luNT8eJsaCYmcSqK5+1lJglIph1k4H+Xy1ccRHHeesy9+ySaGBP3h5uY9+JOdYe5fO9SYZt0cKO4Oic32Yq+uZ0Ldu0hPzDN4MMHsBP6lYidSXqs/kVgxEbPJ7T0RnQmFCVDhWE346HquZBfrGuxBOu2ifkxAFVHJyGaItOk2wlxcPDbU0P+t584CXlVIdGRS/mvW4xxXBCVlEi+QM8a4JcM7y1RJZV6S6R1DGC1nXgdscpcRGIfp6BcKPmSB2vZO8rx2qOMdUPS0FEOEVnHsvnwczGZHJuq6WjxvLNnzBH4gZtc30OKimlxXhQA6qyjupH7P65ayiFt9vvT/fFnYZr9aABc2xbSmqyJZS1wfvl5JMQWnUayigxfzYMdxuMC9+8SCykqXmy7hDlJeBBobSxdQUVhHAprY/sn+FOBzK5ZYb0wsavXI9w9sUSdQiU4XIxDb/FXJgs89FZ8p+uWQ1vFglF6XYR299LScIN7CsvLyGdk1idr08WCc92+9DSnSv9onM1UGD6IkSjMB3SoexuGa6Kj5yi5qyAOtvmMl8NwJn8Xh+gEE+FSUi+GAhh+aLvNbiIVPPmNXgI2+slUn6bzGDLk3NQMMeQ+JrX/SdT7q9Awxe9jtdsej4CGINrrTYKHsaPocVQkK6wpiQh8XbvxKoOV3UU3x9ouEVUjHrN06UbXWFXQSjEz5QXdtjpyTqxi6AaoL8M/yFTL4uB2ahPZ8bC17ZVq9eXwUtHIyKwClbTHTzlkJzr7lR7I1zWLtZIKy0pr8Si5DEkIuT7YCo5w5Pa3Z9DCkdAAL2t7TNTdrQo3H/iid7YKupfCeQxYYf836toX1Ff7jTCLtTEbfk3fOcbpu4uD0geWx4vI6V5lolJJ950ETnx+pq8EFVEk5D6VSfGo+Hl9c2xZ9UraYo9I0HzSSe12FSEVF/anKMVhBZGxdIxqCQQuu/FSNhkaFpmYpcEgodmFGQbAY0OworSg9ZnFWVMgQ33T/cna9Ene4AZ93DJaNrlzT8Jk0QIqCQjIIiZwUqPxABk0epNMLMZzZBJ/8nwN28YU5/pp4c+53RYPjMD4NlC/P+JXMxF+bidSOSYHb4Ucs1vIRljDSWumb46ZXoV+4sCBSdG0LjNVLkyx9P2vYhcw5G1KduSrUMY9VVOePcVQGYfsWjyi0nLyWadu9UUASafUwkOo2JoEjIdKWqg3zQRYIMr0GYp0Kf1EGVTPRPOApnbyLezDQsSnSZzakcJ1qDSFyLjlBMwoE5Rmndp+TS5kUEQaNeJQb56tTbDLWxlpgCoDgtfL5q+gjuVsjwkvUA9o9usBF+hndDl/fzs/ajR9q8V+hBS4j1AQROFRQhQv7vYdGA+Q3z18nTBheY2MgzpGBUwOEFuJJ+ndPANtVC7EIMz/rwKg7g777cwYLHyiJG1Rtj+45w1DmktS7sIyD0/RUt7ApF/v6PeMY+lVjXCKUfgNDaeiHQzKQpCF4+O4CThKa7Tg0keKI4fuJMoFEqZcfEr1TVEFg8AKcBzqdHMyUeUDyLIf2Sp7GJQXTbNA7TlCI5iABJ9McCK01RMqf/1Ew6NJfNDp1yjMd3NpozvAvMXIunmjUjKHzraW+gw/+z4XCq9ifALcKes3Y1R/tQmVfymnMGGoB3bErSIRIDA47IeR5OnrNVwrTM+l2Ew6jFBoWXH6pfaPj6SkdNgOEPp1mHlHf/x9YDBp2ZmtLAG3vlf4bXk0PQhNIb4bm71WyqqFiYwrI82o0Q+UocSxo/lNnLuvO3OxL1P9tp7OPi8kiB7G/D65qvE653xgXmo1OLk+RBJjhqSxBrPJTNbEcPhp36xjg4QtE9alC0XvzKaGUR9GawD6ZEmgE5payDSRXMPD1ZHx8dxr4wdJmxYFpwXFH8UheiKk2dhoGLkMoIempdsmteyaBh+qbeomXaq0+ihHAHkCtzQOc83cr5OS1tmcU1LbsHQ6ZMfBtpig/yWUdpGzFFTPPVKKx2+bWOkOW44IfkLsnAVjo0fvofnL6wuFBKVVF0bfQmlWBheR/VeVrwEjbxTfVOqRmBsliBSxzr5A5FsK5LGfzsyll/8IegLuE+412Kj3EZLVx3c+xq15oAh66/5JaiZ2C69azvb3gPr5NryLFqW0a5gxw1o3SiOA/L5mgzhqvFpf2+dfXLebahVpAYCpP+XLbYTuDiIbCJouUxBMWZgsmaIcwrGKecixLa0LtESsfLSi7F7jk37OlrOaR1gW0PHhYDfmXq0fqHPulthCWEbm76xSCbuLc9L5FI4Kc648WkxXXR8388mv4xIFAURcorse7DObygZSOx+BW8zynUs7NexXnT9OGa9vTB0OTWadOGXNSIL3LNCmoGNtxjfMCfl+CgAWFQxC2OkajkLxu2g0Ff9eEBNUQGrs8EzMB4wKPDHvtnNrezq0NMFsA7NDyl24taCXZ9jNtk6wsq2mWPW+BjvmlwK5Q8VgMXGLhxDXn4322s5NXDZc2GrafflDgAz8cdMWD1kwj7I+V1YRR4BjXikON3ZeDc3IkvW/ZPbIklr1IfAz5dZ6/pxo1TOHbfkxeS1/xW4+QnCBNznoxMH8QpPnm35Ch++Hl5raSegQ1iDGcGaTu7cG3f3E9sAI8J/x9xzps0kybF1B9ngyvLP+Y+sQ6plqaiWhrAtOtSvQIuZwIqJ6CLTVvGGN0CJVxWz/GU2cxL4ierNmSmni9MroSWz6U+M5K9P2rAQdskIwv0pcZ/esk0C/IHRZEs4DbaFBTVJoPk/8eMKBhxXmomAOm7SFRTp6LMD7OrD/ext2S4cWXbcnXY7WX4+R2GT4yCIo0au3/CLX6znK0o4ml8dH6FzClJCiWL9pc3tFbCh5iCiIGaCXFZmAM3NStD8XLKvqatFxgmK9I2jSN98eSSMU8MexiRtTttzza/7Nqj3/3nCM1Qw4sIEC+a8TWjHJeE/6tJ9JyAHEYZuhE9P3AbECwa7nIQB5NbKF/IDrHUN+fw7mKEPMgbMBQ1ITWg8Glmb2trzms2WlxIm071j+9jYEs/F/n9/mzX6/iyCRegmXUhN9rcPr34GQiw4uLrWKnRhHMQNwOMPVOG6MgPm9+eYBExY7Avl/Evscidd6uewc/+z1soTNIh0qjWS5R5ubgET+Y1G6B68dVrqLE9rA9Z3yIfcp8q/mal+qlkiSv9Vx8285CcM1H2nmXN40zGO3Ad9kVwsgzoHknIW9woUNly9GZeeSx6m5GCqAR7RFsNh6G0xYE7gtWoNs5xhGOyY7Dp+6XhYUPJQJF/kJkKmfFr/0nzXDjCqC2Fdc+OO5ao2nMod3uXFFUZBZzms0+RM0fcTwDLdaEkTw2q63ik4yRcBL7k5uMb7YTeZTitKFmaqPfq9DNgs+hItzDDAUBiJxbww40Z7O1kByg5J2PHU0Z0QJR5pXdMIwakLsKBIWZ7vVWGTmiPM46uRQSrdmjLUVCpanXk4OnRp2JA/Enhe76eASIN0rmHNLAPgzY5H8uhdAnlZ83RZ9qacOgQbjQ9s+rvUl+LpbxnZOolWcVnGUHZj/u11AVIz4VS6AB4g2rFpxSpt0welvuvngshOW+qpzIiw1k0oXsX4WkvxG4s7dwlfAUuYpJCU92EtSkF3z8qBSG35J6k156nXul/zIrxsYv8iuj7Oc5YwceqPhWNaysdRfueEgarfTdJiLisKqeWB8JTEFLDQCHDrbT8krWbbxe1e948grStUpx86BhQIB9bY3lleGgb8J3NNbU1qIltoVwxegECm2CyoA5NHJG5pLaaYBRlWlQC/VZMoo385DQL3k/Vsrn31qdNc50aPisQnqrKbqCdIcdG26VnXkJC9gyhHefzXwu+VkvJJ4eGBmRZF+eB7enzyjHaqjLXJJuk2drsDzWnuAGGA8Ys1KN/mJY4tF741Ba8rZmr/4BcPPRzR47PDOtBQsaI7RsdX+DoVsdgX6P8b3iVIuEm3DHjZlaeQDqFqrp/Q9gHEAjUmpa+zAk1wZ1XU5fw8YiKj3xP+/9pQ5QHqU+IkeZK7306b7rywI7PJf32QOfaSFPBiPI1NhQsBRoVbR5VKNiwK9nKA6fhxiWjvHqcCI8+MoxWhXbq2TwSfQLg91+NwzAUaH61xR1dQw55UAAUS0HfoZTSKqyyIffTNvF6ulRJITMtr6h1q0N8cVdZln0zTBT2k8uMvt5z5RFc58XpRhm8FXXx9LYtlMSdshVhYYyqepMOnhn/4UU25aqQ6swVmsyoJgFYM9ABXbMlFIGVivGEptHDEA5EFhfb6uPUHFmMKkT4rV4Uy8h0h2P8vEitCRZLW/VM3t14/2CN7IT5EQqmKyei+CdKHXiqJlb+Oi7bAATLiroIRoRdF9Ydp1nDRgU6XMxfv+60o2Cxkal2lSmM9YsCByLXY0Zefen0TNca/wndhuRkSJ/GVu2+E6OZtx9zfC0I/GDV4g8TfK3GLGINXBwifOrTcPTyaRgGmAO7OmhNES1pgEvebbeTJipVvq6PCGzVMARsQMF10eHvZQpgMjSq0mSSyccW4BF7PVF4013hgZuT3ZzHHN8zPUyRPifqyLYc3grL0ZOrY6zM+HWM0WvtE3T0u7psdxdxkqHWIxaCnbn3w8H/pqjBb5f6xWjC0auzM6lPtJ6zZ28TBuwSm2ovcOpeGVUx0iYMGLrRty6Iu02,iv:0rzvTEH041voxTfHnSlAfQx7SyBvcY6fUQxbmfqyGmA=,tag:CmyhGqlyXqI5o2H3T+otpw==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-12T21:23:26Z", - "mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]", + "lastmodified": "2025-10-21T17:52:25Z", + "mac": "ENC[AES256_GCM,data:SNsmzPknGzx9H7baoKo8gKSac/86sW5em3MKyhYFUxfRhZEtkUwkzz6KwDgZ4YCBzUlLrToiLUICA6KPnkXDHhKBh+8dyyVlB8ISU3gDbozjwRNA78oatLlA4h5sa5RADLha9j7Fr9euy4rcrCmk6jpL26RmsiFZhzaAxhkal4s=,iv:hmRyoG9tW5Wl9AKxWDW4Hv9Qvb5zlM4Ktrk0Q8jsVxg=,tag:ofsjndQpjLmnCMvz1NTsCA==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z",